Cyber criminals are using the target companys own system credentials and software administration tools to move freely throughout their network. Dell SecureWorks Counter Threat Unit (CTU) senior researcher Phil Burdette says this has been the method to gain access to networks in nearly all of the intrusions responded to by the Incident Response Team over the past year. These types of attacks are often missed by many companies until it is too late, according to incident response teams. Knowing the normal behavior of a system administrator versus an adversary is the first step in combatting these attacks, Burdettes says.”]
Source: https://www.darkreading.com/analytics/stealing-data-by-living-off-the-land-